Transport Tycoon Forums

Ok so 12 users a day (assuming everyday is like today which I suspect not), not a massive amount really. I suspect that at least 2 or 3 mods visit the forums at least once a day so I can't see this personally being an issue.
It won't take long to quickly check posts as most spam posts are obvious as such immediately and no first posts are essays (ok someone will prove me wrong here, but you get my point).

I can already forsee some of the new users posting the same thing a few times in a row because they don't see their posts showing up and trying again over and over...

Maybe it is an idea to add that old anti spambot thing again, the one where it would block posts if you post too many words in too little time or something. That would take care of most spambots as they just copy+paste their text or just send a POST request without going to the "post a reply" page, or atleast, I'd image they would.

That anti-spam measure that you mention Xeryus, was annoying, I recall it refusing to post some of my posts before and a number of other members becoming irritated by it.

Ameecher wrote:Ok so 12 users a day

That's twelve "valid" users. I'm not sure how many "invalid" users there are just now. I'm also not quite sure if phpBB even has the capability to do this.

Yes but if a user only needs to be cleared to post once they submit their first which is then moderated then the number will still only be 12, surely, since invalid users don't/can't post so therefore don't pose a problem. If they don't authenticate their account then there is no problem is there?

Well, that depends if we're talking about first posts or authenticating users - I thought it was the latter. If the former, then a spambot could still post 150 odd posts, they'd just be unapproved, giving the moderators a nice backlog of things to get through. (We've had a similar outbreak of spam on another forum, as I mentioned before, with them sometimes posting 80-odd unapproved (guest) posts in a day.)

Yes but if the posts don't reach the general user part of the forums surely that is an improvement? Then all the spam is in one place, awaiting moderation and can be dealt with easily rather than the issue that Jonty encountered of trying to round it up.

It is perhaps an improvement. The issue is though, does phpBB even support such a thing? As far as I'm aware, it doesn't. It supports moderation queues, but I don't think it has any kind of "new users go into the queue" setting, as far as I know - that'd require a third-party mod, which as you know I'm not overly keen on.

Well, moderated first posts might also help stop a lot of the problems with n00bs, trolls and archeologists etc. as mods could at least check that a first post is polite.

Kevo00 wrote:Well, moderated first posts might also help stop a lot of the problems with n00bs, trolls and archeologists etc. as mods could at least check that a first post is polite.

Yes, maybe we should look into this after all.

Owen, you hate installing mods, but perhaps there is something out there that can detect and remove spam (like a spamfilter or something)?

orudge wrote:I've installed reCAPTCHA on the site, which in theory should be a bit harder for automated bots to crack. Of course, if the spammers do indeed have armies of peasants typing in the codes manually, then it'll make not a bit of difference. We'll see, I guess.

Already done!

In general reCAPTCHA seems to work pretty well. I used to get lots of spam e-mails via the contact form on my website but since I installed the reCAPTCHA module for Drupal I haven't had any.

It works be taking words from scanned copies of manuscripts that computers can't read, along with a word it can, and asking you to type both in. It checks the validity of the user from the word it does know, and continues onwards if more than x% of people who translated the second word wrote the same thing as you. So you'll be helping preserve all sorts of pre-computer texts, as well!

Well, considering the recaptcha from point of view of attacker:
[*] fonts are quite legible, black and white
[*] letters are very likely a sensible word, possibly from dictionary
[*] the black streak across the word makes it a bit harder, but not much
[*] there are many sites using this, so breaking recaptcha means many sites are vulnerable.

I'd say this captcha is not trivial (not one of those that can be recognized by gocr if you run few transforms on it), but not that hard (the fact that the word is likely in dictionary helps a lot). I've seen harder ones (like the one in google or yahoo) to be already broken.

Mr. X wrote:Owen, you hate installing mods, but perhaps there is something out there that can detect and remove spam (like a spamfilter or something)?

In theory, I could write a mod for phpBB that put all posts through Akismet, and flags any as unapproved if they are marked as spam. In practice, that might not be too easy, though. Certainly not something I have time to do just now, unfortunately.

EDIT: It seems there is a mod under development to do just that. It seems to be very beta, though, so we'll see.
EDIT 2: Looking at their test board, it just displays a "your message is spam, not posting it" message, which isn't good if some real messages that "look" spammy get caught. But it may be something I could work on, given time.

Probably stupid question, but: how is working spam protection on other boards (SMF etc.)?

Well ... the PHPbb3 captcha is broken and source code is public .....

http://www.darkseoprogramming.com/2008/ ... pbb3-code/

I hope we have some other countermeasures against spam here ...

orudge wrote:I've installed reCAPTCHA on the site, which in theory should be a bit harder for automated bots to crack. Of course, if the spammers do indeed have armies of peasants typing in the codes manually, then it'll make not a bit of difference. We'll see, I guess.

It's been known for quite some time that the standard phpBB 3 CAPTCHA has been broken, hence the increase in spam recently.